DETAILED ACTION

CLAIMS PRESENTED 

Claims 1-47 are presented. 

Arguments regarding Claims 1-46 

Applicant's arguments filed have been fully considered but they are not 
persuasive as to claims 1-46. See the section regarding the inapplicability of the 
Windows 2000 reference. 

Response to Arguments regarding Claim 47 

Regarding claim 47, Applicant is entirely correct. On this ground, Applicant's 
request for reconsideration of the finality of the rejection of the last Office action is 
persuasive and, therefore, the finality of that action is withdrawn. 

Response to Arguments regarding 
Inapplicability of Windows 2000 reference 
Used in the rejection under 35 USC 103 

Even assuming, arguendo, that Applicant is correct regarding the inapplicability
of the Windows 2000 reference (used in the rejections under 35 USC 103), Applicant's
arguments are moot in view of the new ground(s) of rejection with the Kormann
reference. See the rejection under 35 USC 102.

Microsoft Passport is the first well known federated identity management
protocol. For a survey on federated identity management, see Pfitzmann (Birgit
Pfitzmann, Michael Waidner: Federated Identity-Management Protocols; 11th
International Workshop on Security Protocols (2003), LNCS 3364, Springer-Verlag,
Berlin 2005, 153-174). See especially Section 2, Existing Proposals and Design Goals,
which identifies Microsoft Passport as the first.

The view of Pfitzmann is confirmed by Kaminsky (Michael Kaminsky. User 
Authentication and Remote Execution Across Administrative Domains. Ph.D. Thesis, 
MIT, September 2004), which makes references throughout the paper to Microsoft. 

Furthermore, Applicant's arguments regarding the inapplicability of Windows 
2000 seem less persuasive when considered in the light of the opinions of the leading 
scholars (Pfitzmann, Waidner, Kaminsky) on this subject. These scholars assert 
Passport from Microsoft as the first well known protocol in the field. Because they also 
discuss Windows as a successor to Passport, Applicant's arguments regarding the 
inapplicability of Windows 2000 seem less persuasive. 

CLAIM REJECTIONS 

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-47 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Kormann (David P. Kormann and Aviel D. Rubin, Risks of the Passport Single Signon 
Protocol, Computer Networks, Elsevier Science Press, volume 33, pages 51-58, June, 
2000). 

Claim 1: A cross-domain authentication apparatus (figure 1. the passport 
architecture, i.e., the domain of IBM.com and domain of the user as represented by the 
browser), 

the apparatus comprising: 

a first computer on a first domain and a second computer on a second domain; 

a network connecting the first and second computers (the Internet, as noted at 
section 3.1 Single signon protocol); 

a secret shared between the first and second computers (the authentication 
using passport server, as noted at section 3.1 Single signon protocol); and 

a federation access policy identifying access permission on the first computer on
the first domain a user local to the second computer on the second domain over the
network (the authentication using passport server, as noted at section 3.1 Single signon
protocol).

Microsoft Passport is the first well known federated identity management protocol
and already had 40 million users as of June, 2000.

Claim 19 is another independent claim.

Claim 19: A method for performing cross domain authentication (figure 1. the
passport architecture, i.e., the domain of IBM.com and domain of the user as 
represented by the browser), 

the method comprising: 

receiving a request for a resource on a first computer on a first domain from a 
user local to a second computer on a second domain over a network (the 
authentication using passport server, as noted at section 3.1 Single signon protocol); 

challenging the user to be authenticated (the authentication using passport 
server, as noted at section 3.1 Single signon protocol); 

authenticating the user (the authentication using passport server, as noted at 
section 3.1 Single signon protocol); 

informing the first computer on the first domain that the user is authenticated (the 
authentication using passport server, as noted at section 3.1 Single signon protocol); 
and 

accessing the resource from the first computer on the first domain using the 
second computer on the second domain (the access of the consumer and the merchant 
of each other's money and products and computer data, as noted at section 3. How 
Passport works). 

Claims 2, 3, 22, 25, 26, 28, 31, 32, 34, 35, 45 deal with HTTP and proxies. See
the fourth (the last) paragraph of Section 1. Introduction that discusses HTTP
redirection and thus proxies.



Application/Control Number: 09/815,454

Art Unit: 2134 

Claims 4-8, 10-12, 14-18, 20, 21, 23, 24, 27, 29, 30, 33, 36-44, 46, 47 deal with
cross domain authentication so as to be able to access resources. See the authentication
using passport server, as noted at section 3.1 Single signon protocol.

Claim 9 deals with permitting a second user to have access without requiring
assistance from an administrator. See the second and the third paragraphs of Section
1. Introduction that discusses how Passport differs from Kerberos. See also section
4.1.5 Persistent cookies that discusses how Passport differs from Kerberos. See also
figure 1. the passport architecture, i.e., the domain of IBM.com and domain of the user
as represented by the browser. See also the authentication using passport server, as
noted at section 3.1 Single signon protocol.

On the feature of the administrator, Passport differs from Windows 2000. In 
Windows 2000, with the permission and assistance of one administrator, a second user 
(e.g., another administrator) may have access without requiring assistance from the 
other administrator. 

Passport does not promote the administrator to block users in such fashion; 
Passport differs from some versions of Windows in how Kerberos is used. Passport 
permits a second user to have access without requiring assistance from an 
administrator. This was one of the reasons why there were already 40 million users as 
of June, 2000. 

Claim 13 deals with SSL. See the fourth (the last) paragraph of Section 1.
Introduction that discusses SSL.

Claim Rejections - 35 USC § 103

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claims 1-47 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Windows 2000 (cited in the previous Office Action). 

Claims 1-46 are rejected as in the previous Office Action. 

Regarding claim 47 (A cross-domain authentication apparatus according to 
claim 1, wherein the first domain is different from the second domain), Windows 2000 
teaches the use of multiple domains in which the domains are different. See section 
"Process of Logging On." 

Conclusion 

The art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The art disclosed general background. 

Points of Contact 

Any response to this action should be mailed to:

Commissioner of Patents and Trademarks
Washington, D.C. 20231

or faxed to:

(571) 273-8300, (for formal communications intended for entry)

Or:

(571) 273-3836 (for informal or draft communications, please label "PROPOSED" or
"DRAFT")

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Jung whose telephone number is (571) 272-3836 
or Kambiz Zand whose telephone number is (272) 272-3811.



David Jung 



Patent Examin 




2/21/07 



